#!/bin/bash

# Usage (as root): curl -s http://wuyou.run/services/openvpn.sh | bash
# Caveat: this pipes an unauthenticated plain-HTTP download straight into a
# root shell, so anyone on the network path can substitute the script. Prefer
# downloading over HTTPS to a file, reviewing it, then running it explicitly.



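# --- 1. Clean reinstall of OpenVPN and download of the certificate bundle ---
# Re-running the script deliberately starts from scratch: the package is
# removed and /etc/openvpn wiped before the install.

# /etc/profile is sourced before strict mode is enabled: it is not written
# with `set -u` in mind and may reference unset variables.
source /etc/profile
set -euo pipefail

# Bundle expected to contain ca.crt, server.crt, server.key, dh.pem and
# checkpwd.sh (server.conf below references all of them). CERT_BUNDLE_URL
# and CERT_BUNDLE_SHA256 may be set by the caller; the latter pins the
# expected digest of the archive.
# NOTE(review): the server private key is distributed from a public URL, so
# anyone who downloads the bundle can impersonate this server. Generating the
# PKI locally (e.g. Easy-RSA) and keeping server.key off the web is the real fix.
cert_bundle_url=${CERT_BUNDLE_URL:-http://wuyou.run/services/openvpn.tar.gz}
cert_bundle_sha256=${CERT_BUNDLE_SHA256:-}

pkill openvpn || true                          # exit 1 when no process matched is not an error
yum --debuglevel=1 remove openvpn -y || true   # best-effort cleanup; install below must succeed
rm -rf -- /etc/openvpn
yum --debuglevel=1 install openvpn -y

if [[ ! -d /etc/openvpn ]]; then
  echo "没有发现openvpn目录,安装失败" >&2
  exit 1                                       # was `exit 0`: a failed install must not report success
fi
cd /etc/openvpn

# Download to a temp file so a truncated/failed transfer never lands in
# /etc/openvpn; -f turns HTTP errors into a non-zero exit (fatal under -e).
bundle=$(mktemp) || exit 1
trap 'rm -f -- "$bundle"' EXIT
curl -fsSL --max-time 10 --retry 3 --retry-delay 5 -o "$bundle" "$cert_bundle_url"

if [[ -n "$cert_bundle_sha256" ]]; then
  echo "${cert_bundle_sha256}  ${bundle}" | sha256sum -c --quiet -
else
  echo "警告: 未设置 CERT_BUNDLE_SHA256，证书包未做完整性校验" >&2
fi

# GNU tar strips a leading '/' and refuses '..' members by default, but we
# still extract into an explicit directory rather than the cwd.
tar -xzf "$bundle" -C /etc/openvpn

# Fail early if the archive is missing anything server.conf will need.
for required in ca.crt server.crt server.key dh.pem checkpwd.sh; do
  if [[ ! -f "/etc/openvpn/${required}" ]]; then
    echo "证书包缺少 ${required}，安装失败" >&2
    exit 1
  fi
done
chmod +x /etc/openvpn/checkpwd.sh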

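# --- 2. Server configuration -----------------------------------------------
server_conf=/etc/openvpn/server.conf

# Quoted delimiter: nothing in the config is meant to be expanded by bash.
cat >"$server_conf" <<'EOF'
# Drop privileges after start-up. persist-key/persist-tun let the daemon
# survive SIGUSR1 / ping-restart without re-reading root-only files.
user openvpn
group openvpn
persist-key
persist-tun

# UDP on a non-default port (OpenVPN's default is 1194).
proto udp
port 11194
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
#reneg-sec 0

# duplicate-cn lets several sessions share one username; max-clients caps
# concurrent sessions (unlimited when omitted).
duplicate-cn
keepalive 5 30
max-clients 1000

# Server identity: the files unpacked from the downloaded bundle.
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Refuse TLS < 1.2 (OpenVPN >= 2.3.3). The bundle ships no tls-auth/tls-crypt
# key, so the control channel has no pre-shared-key layer; when possible run
# `openvpn --genkey secret ta.key` and add `tls-crypt ta.key` here and in the
# client profile.
tls-version-min 1.2

# Username/password authentication instead of per-client certificates.
# `verify-client-cert none` is the OpenVPN >= 2.4 spelling; the older
# `client-cert-not-required` was removed in 2.5 and breaks start-up there.
# script-security 3 is what via-env requires: the cleartext password is handed
# to checkpwd.sh through its environment, which the OpenVPN manual considers
# less safe than via-file. checkpwd.sh comes from the bundle and is not visible
# here; confirm it reads the environment before changing this to via-file.
script-security 3
verify-client-cert none
username-as-common-name
auth-user-pass-verify /etc/openvpn/checkpwd.sh via-env

# Client address pool (10.8.0.0/20; keep in sync with the NAT rule) and
# pushed routes/DNS: all client traffic is routed through the VPN.
ifconfig-pool-persist ipp.txt
server 10.8.0.0 255.255.240.0
push "redirect-gateway def1"
push "dhcp-option DNS 223.5.5.5"
push "dhcp-option DNS 114.114.114.114"

# Logging. Only one of `log` / `log-append` should be set; log-append keeps
# history across restarts (plain `log` truncates on each start).
verb 3
log-append /etc/openvpn/openvpn.log
status /etc/openvpn/openvpn-status.log
EOF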


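# --- 3. Credentials and file ownership -------------------------------------
# psw-file holds one "username password" line per account; checkpwd.sh (from
# the bundle, not visible here) is presumably what consults it and what writes
# openvpn-password.log — TODO confirm. If that log records cleartext
# passwords it is a secret store in its own right and should be dropped.
vpn_admin_user=${VPN_ADMIN_USER:-admin}
vpn_admin_pass=${VPN_ADMIN_PASS:-}
if [[ -z "$vpn_admin_pass" ]]; then
  # The previous fixed default ("vpnpass") is published together with this
  # script, i.e. a well-known credential on every install. Generate a
  # per-install secret instead (set VPN_ADMIN_PASS to avoid printing it).
  # `head -c` on /dev/urandom reads a fixed byte count, so no SIGPIPE under
  # pipefail; base64 output contains no spaces, which the file format forbids.
  vpn_admin_pass=$(head -c 18 /dev/urandom | base64 | tr -d '/+=\n')
  echo "已生成VPN账号 ${vpn_admin_user}，密码: ${vpn_admin_pass}"
fi

# Both files hold or receive secrets: create them 0600 (the original relied on
# the default umask, typically leaving psw-file world-readable).
(
  umask 077
  touch /etc/openvpn/openvpn-password.log
  printf '%s %s\n' "$vpn_admin_user" "$vpn_admin_pass" >/etc/openvpn/psw-file
)

# The daemon drops to openvpn:openvpn and runs checkpwd.sh as that user, so
# everything under /etc/openvpn it reads must be owned by it. server.key is
# the exception: it is read once as root before privileges drop (server.conf
# sets persist-key), so it stays root-only instead of being exposed to a
# compromised auth script.
find /etc/openvpn -mindepth 1 -exec chown openvpn:openvpn {} +
chown root:root /etc/openvpn/server.key
chmod 0600 /etc/openvpn/server.key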

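# --- 4. Forwarding, NAT and service start ----------------------------------
vpn_subnet=10.8.0.0/20   # must match `server 10.8.0.0 255.255.240.0` in server.conf

# Enable IPv4 forwarding now and persist it. The anchored pattern only counts
# an active `net.ipv4.ip_forward = 1`; the previous bare `grep ip_forward`
# also matched commented-out or `= 0` lines and then skipped the append.
echo 1 >/proc/sys/net/ipv4/ip_forward
if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf; then
  echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
fi

# Masquerade VPN client traffic. `-C` tests for an identical existing rule so
# re-running the script does not stack duplicates. Nothing here persists the
# rule across reboots (no iptables-save / firewalld); add that if required.
if ! iptables -t nat -C POSTROUTING -s "$vpn_subnet" -j MASQUERADE 2>/dev/null; then
  iptables -t nat -I POSTROUTING -s "$vpn_subnet" -j MASQUERADE
fi

# Unit for the legacy /etc/openvpn/server.conf layout. Two statements so a
# failure of either is reported on its own rather than hidden in a && list.
systemctl enable openvpn@server
systemctl restart openvpn@server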



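# --- 5. Client profile -----------------------------------------------------
# Written next to a copy of ca.crt; hand both files to the user (or embed the
# CA in a <ca>...</ca> block for a single-file profile).
client_dir=/etc/openvpn/client
mkdir -p -- "$client_dir"   # not every package build creates this directory

cat >"$client_dir/client.ovpn" <<'EOF'
client
dev tun
# Endpoint; protocol and port must match server.conf (udp / 11194).
proto udp
remote pc1.attacker.club 11194

# Route everything through the tunnel (the server pushes this too), keep
# retrying name resolution while disconnected, use an ephemeral local port.
redirect-gateway def1
resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt

# Windows-only route handling; accepted and ignored by other builds.
route-method exe
route-delay 2

# Require the server certificate to be marked for server use (EKU serverAuth,
# as Easy-RSA's server profile emits; check with `openssl x509 -noout -text`).
# Replaces `ns-cert-type server`, which was removed in OpenVPN 2.5.
remote-cert-tls server

# No compression: server.conf configures none, so a client-only `comp-lzo`
# mismatches the framing and breaks the session; compression over VPN is also
# deprecated (VORACLE).

verb 3
auth-user-pass
# Do not keep the typed password in client memory across reconnects.
auth-nocache
EOF

cp /etc/openvpn/ca.crt "$client_dir/"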